Kubernetes - (Unauthenticated) Arbitrary Requests Exploit

!/usr/bin/env python3 import argparse from ssl import wrapsocket from json import loads, dumps from socket import createconnection def requeststage1base, version, target: stage1 = "" with open'ustage1', 'r' as stage1fd: stage1 = stage1fd.read return stage1.formatbase, version, target .encode'utf-...

Amazon Linux 2 : python3 (ALAS-2018-1132)

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming...

[SECURITY] Fedora 29 Update: ansible-2.7.5-1.fc29

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

Deep Explorer - Tool Which Purpose Is The Search Of Hidden Services In Tor Network, Using Ahmia Browser And Crawling The Links Obtained

Dependencies pip3 install -r requirements.txt also you should have Tor installed Usage python3 deepexplorer.py STRINGTOSEARCH NUMBEROFRESULTS TYPEOFCRAWL Examples: python3 deepexplorer.py "legal thing" 40 default legal will crawl if results obtained in browser do not reach 40, also the script wil...

Medium: python3

Issue Overview: Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by contructing an XML document that would cause pathological hash collisions in Expat's internal data...

Fedora Update for python3 FEDORA-2018-5ed8fb9efa

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Making Vulnerable Web-Applications: XXS, RCE, SQL Injection and Stored XSS ( + Buffer Overflow)

In this post I will write some simple vulnerable web applications in python3 and will show how to attack them. This is all for educational purposes and for complete beginners. So please don't be too hard on me. As a first step I will create a basic web-application using twisted python web server...

[SECURITY] Fedora 28 Update: python3-3.6.7-2.fc28

Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

Sheepl - Creating Realistic User Behaviour For Supporting Tradecraft Development Within Lab Environments

Sheepl : Creating realistic user behaviour for supporting tradecraft development within lab environments Introduction There are lots of resources available online relating to how you can build AD network environments for the development of blue team and red team tradecraft. However the current...

CMS Scanner - Scan Wordpress, Drupal, Joomla, vBulletin Websites For Security Issues

Scan Wordpress, Drupal, Joomla, vBulletin websites for Security issues. CMSScan provides a centralized Security Dashboard for CMS Security scans. It is powered by wpscan, droopescan, vbscan and joomscan. It supports both on demand and scheduled scans and has the ability to sent email reports...

Network and Web Pentest Framework: Jok3r

Jok3r is a Python3 CLI application which is aimed at helping penetration testers for network infrastructure and web black-box security tests. Its main goal is to save time on everything that can be automated during network/web pentest in order to enjoy more time on more interesting and challengin...

JQShell - A Weaponized Version Of CVE-2018-9206 (Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0)

JQShell A weaponized version of CVE-2018-9206 Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload = v9.22.0. Disclaimer Using this agianst servers you dont control, is illegal in most countries. The author claims no responsibility for the actions of those who use thi...

Python-Nubia - A Command-Line And Interactive Shell Framework

Nubia is a lightweight framework for building command-line applications with Python. It was originally designed for the “logdevice interactive shell aka. ldshell” at Facebook. Since then it was factored out to be a reusable component and several internal Facebook projects now rely on it as a quic...

Adult Filter 1.0 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Exploit Author: Beren Kuday GÖRÜN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-12 Test...

Adult Filter 1.0 Denial Of Service

Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Date: 2018-10-28 Exploit Author: Beren Kuday GAaRAAN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-12 Tested on OS: Windows XP Professional...

Adult Filter 1.0 - Denial of Service (PoC)

Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Date: 2018-10-28 Exploit Author: Beren Kuday GÖRÜN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-12 Tested on OS: Windows XP Professional...

DNSDiag - DNS Diagnostics And Performance Measurement Tools

Ever been wondering if your ISP is hijacking your DNS traffic? Ever observed any misbehavior with your DNS responses? Ever been redirected to wrong address and suspected something is wrong with your DNS? Here we have a set of tools to perform basic audits on your DNS requests and responses to mak...

SubScraper - External Pentest Tool That Performs Subdomain Enumeration Through Various Techniques

SubScraper uses DNS brute force, Google & Bing scraping, and Virus Total to enumerate subdomains without an API. Written in Python3, SubScraper performs HTTPS requests and DNS "A" record lookups during the enumeration process to validate discovered subdomains. This provides further information to...

SUSE SLED12 / SLES12 Security Update : liblouis (SUSE-SU-2018:2780-1)

This update for liblouis, python-louis, python3-louis fixes the following issues : Security issues fixed : CVE-2018-11440: Fixed a stack-based buffer overflow in the function parseChars in compileTranslationTable.c bsc1095189 CVE-2018-11577: Fixed a segmentation fault in loulogPrint in logging.c...

openSUSE: Security Advisory for python3 (openSUSE-SU-2018:2712-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...